Employees snoop on corporate systems if they can, researchers find

Occasions when employees were able to access information that should have been off-limits are among the evidence of insider threats uncovered by researchers.

Spying with binoculars
Credit: Thinkstock

A recent study examined how one financial institution's employees behaved on the corporate network over a six-month period.

"Some of that behavior included occasions when employees were able to access information that should have been off-limits," a National Science Foundation press release says of the study.

The researchers found that the workers snooped where they shouldn't have.

Insider threats

The insider threat is "one of the most serious risks in the cybersecurity world," the researchers think.

"Most countermeasures were developed for external attacks," says Jingguo Wang, an information systems and operations management professor at the University of Texas at Arlington, who was involved in the study.

"The insider threat is clearly a challenge for organizations," Wang says.

Behavioral logs

The group studied almost half a year of behavioral logs supplied by a financial institution and looked for vulnerabilities that could be exploited by "spies and criminals, as well as those who could jeopardize a company through negligence," the website says.

Several thousand anonymized internal users were studied.

'Off-limits' information

They found that employees were able to look around where they shouldn't have.

The researchers don't say how many cases of snooping that they found, nor what exactly the nosey individuals looked at, but only said that "employees were able to access information that should have been off-limits."

"The point is that people are looking around in areas where they shouldn't," fellow researcher H. Raghav Rao, a management science and systems professor at the State University of New York at Buffalo, says on the website.

They're the workers who have access to the system, but who, out of "malice or naiveté," puts a system at risk, the study found.


"Some systems might be vulnerable because they have a lot of value or because people might be curious," Rao says.

In the text, the researchers aren't particularly accusatory towards the workers. They emphasize that the causes of the improper access related to basic system security, or access controls, let people in. Those are to blame for the issue, according to the report.

Catastrophic damage

Areas that should be walled off often are not, the researchers said. And that is where the problem lies.

Even insiders who don't have any malicious intent but are just stumbling on the area can create issues by "copying that data to an unsecure location or forwarding it to someone else," they said in the report.

Catastrophic damage could result, they said.

And what to do?

"Lots of people point to insider threat as a big problem," Rao said on the website. "Not too many people are familiar with what to do about it."

Rao says that the researchers have completed the first phase of their discovery, which is looking at risk levels of assets and finding vulnerabilities, according to the report. The next thing they intend to do is explore the circumstances "in which inside users are likely to wind up exploring places in a network where they shouldn't be allowed."

And after that they want to develop control tools and, perhaps more controversially, detection tools.

The lawyers' counter argument to that will likely be: "What are you doing snooping around my client? Maybe lock it down better instead."

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10